From 31cae72f398d32c19f1fdbd2dfb92d45cd3ad73a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20=C5=BBmuda?= Date: Tue, 4 Mar 2025 12:08:12 +0100 Subject: [PATCH 1/2] Fix appsec service name with helm --- crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index d364eb4ac..7d600065f 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -82,7 +82,7 @@ controller: ## Appsec configuration, optional. ## Remove this section if not using appsec - name: APPSEC_URL - value: "http://appsec-service.crowdsec.svc.cluster.local:7422" # if using our helm chart, and running the appsec in the "crowdsec" namespace + value: "http://crowdsec-appsec-service.crowdsec.svc.cluster.local:7422" # if using our helm chart with "crowdsec" release name, and running the appsec in the "crowdsec" namespace - name: APPSEC_FAILURE_ACTION value: passthrough # What to do if the appsec is down, optional - name: APPSEC_CONNECT_TIMEOUT # connection timeout to the appsec, in ms, optionial @@ -369,7 +369,7 @@ APPSEC_URL=http://: If set, enable appsec mode and forward the request to this endpoint for analysis. -Use `http://appsec-service.crowdsec.svc.cluster.local:7422` if you are using our helm chart to deploy crowdsec in the `crowdsec` namespace +Use `http://crowdsec-appsec-service.crowdsec.svc.cluster.local:7422` if using our helm chart with `crowdsec` release name, and running the appsec in the `crowdsec` namespace. ### `APPSEC_FAILURE_ACTION` > passthrough | deny From 23c06f03ae3d2470056911438e0629083908eacd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20=C5=BBmuda?= Date: Tue, 4 Mar 2025 12:11:00 +0100 Subject: [PATCH 2/2] change int and bool to string in helm example --- .../unversioned/bouncers/ingress-nginx.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx index 7d600065f..fcac12475 100644 --- a/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx +++ b/crowdsec-docs/unversioned/bouncers/ingress-nginx.mdx @@ -76,23 +76,23 @@ controller: - name: SITE_KEY value: "" # If you want captcha support otherwise remove this ENV VAR - name: BAN_TEMPLATE_PATH - value: /etc/nginx/lua/plugins/crowdsec/templates/ban.html + value: "/etc/nginx/lua/plugins/crowdsec/templates/ban.html" - name: CAPTCHA_TEMPLATE_PATH - value: /etc/nginx/lua/plugins/crowdsec/templates/captcha.html + value: "/etc/nginx/lua/plugins/crowdsec/templates/captcha.html" ## Appsec configuration, optional. ## Remove this section if not using appsec - name: APPSEC_URL value: "http://crowdsec-appsec-service.crowdsec.svc.cluster.local:7422" # if using our helm chart with "crowdsec" release name, and running the appsec in the "crowdsec" namespace - name: APPSEC_FAILURE_ACTION - value: passthrough # What to do if the appsec is down, optional + value: "passthrough" # What to do if the appsec is down, optional - name: APPSEC_CONNECT_TIMEOUT # connection timeout to the appsec, in ms, optionial - value: 100 + value: "100" - name: APPSEC_SEND_TIMEOUT # write timeout to the appsec, in ms, optional - value: 100 + value: "100" - name: APPSEC_PROCESS_TIMEOUT # max processing duration of the request, in ms, optional - value: 1000 + value: "1000" - name: ALWAYS_SEND_TO_APPSEC - value: false # always send requests to the appsec, even if there's a decision against the IP, optional + value: "false" # always send requests to the appsec, even if there's a decision against the IP, optional command: ['sh', '-c', "sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"] volumeMounts: - name: crowdsec-bouncer-plugin